Password Protected

" > index.html
chmod 644 index.html
2/ ensure it is only access via HTTPS (encrypted) protocol
otherwise passwords will be 'in the clear'
for example the top level index.html always use a link like...
Directory
2/ give it a password
create a ".htaccess" file with something like this...
(adjust the location of the password file to suit,
but must be web server readable
AuthType Basic
AuthName "Password Protected"
AuthUserFile /export/home/s12345/public_html/passwd_prot/.htpasswd
require valid-user
create a password hash (example - uses a script in dwarf's /opt/bin)
passwd_crypt --sha256 mypasswd
which outputs a randomised 'cryptographic hash' of that password
$5$CVxdGCKK$gZaKexorP39LLknntDTWTR59CX432JJO62KMjftkrCC
create a password file with user:passwd_crypt lines
(make sure you use single quotes, or use a text editor)
cd passwd_prot
echo 'john:$5$CVxdGCKK$gZaKexorP39LLknntDTWTR59CX432JJO62KMjftkrCC' > .htpasswd
chmod 644 .htpasswd
When you try to access the directory you will be asked a username and password
which will be (using the above example) john and mypasswd
You can add more users to the file by adding more user:passwd_crypt
lines to ".htpasswd" Or you can just add one user everyone who knows can use!
You can try out the above on my test directory at URL
https://dwarf.ict.griffith.edu.au/~anthony/passwd_prot/
Anthony Thyssen ( System Programmer )
--------------------------------------------------------------------------
Using encryption on the Internet is the equivalent of arranging
an armored car to deliver credit-card information from someone
living in a cardboard box to someone living on a park bench.
-- Gene Spafford
The equivalent of an armored car should always be used to
protect any secret kept in a cardboard box.
-- Anthony Thyssen, On the use of Encryption
--------------------------------------------------------------------------
Anthony's Castle http://www.ict.griffith.edu.au/anthony/